
隐藏内容 Security & Risk Analysis
wordpress.org/plugins/content-hiding
Supports hiding part of a post's content; users must follow a WeChat official account or Baijiahao account to view it.
Is 隐藏内容 Safe to Use in 2026?
Generally Safe
Score 100/100
隐藏内容 has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "content-hiding" plugin v0.0.4 exhibits a mixed security posture. While it demonstrates strong practices in SQL query handling and output escaping, significant concerns arise from its attack surface. Four out of five entry points, all AJAX handlers, lack proper authentication checks. This creates a substantial risk of unauthorized actions being performed by unauthenticated users, potentially leading to plugin malfunction or unintended content exposure.
Taint analysis reveals one flow with unsanitized paths, which, although not classified as critical or high severity in the provided data, still warrants attention. The absence of nonce checks on these unprotected AJAX handlers further exacerbates the risk of Cross-Site Request Forgery (CSRF) attacks. The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator of past development practices. However, this does not negate the immediate risks presented by the current code analysis.
In conclusion, the "content-hiding" plugin has a relatively small attack surface but a high concentration of unprotected entry points, particularly AJAX handlers. The clean vulnerability history is commendable, but the identified weaknesses in authentication and authorization for AJAX endpoints present a significant security concern that should be addressed promptly.
Key Concerns
- AJAX handlers without auth checks
- Unsanitized path taint flow
- No nonce checks on AJAX handlers
隐藏内容 Security Vulnerabilities
隐藏内容 Code Analysis
Output Escaping
Data Flow Analysis
隐藏内容 Attack Surface
AJAX Handlers 4
Shortcodes 1
WordPress Hooks 7
隐藏内容 Maintenance & Trust
Maintenance Signals
Community Trust
隐藏内容 Alternatives
胖鼠采集(Fat Rat Collect)
fat-rat-collect
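胖鼠采集(Fat Rat Collect) is a collection tool that helps automate your website. It supports collecting from WeChat, Jianshu, Zhihu, custom list pages and custom detail pages, and has many distinctive features. It can also collect historical articles with one click and set up automatic collection and automatic publishing with one click, saving you effort. Come and try it!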
WxSync-标准云微信公众号文章免费采集-任意公众号自动采集付费购买
wxsync
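WeChat official account article collection and automatic sync plugin from 标准云. Manual collection is free forever; automatic sync collection can be billed monthly.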
Wenprise WeChatPay Payment Gateway For WooCommerce
wenprise-wechatpay-checkout-for-woocommerce
WeChat payment gateway for WooCommerce, a free, full-featured WeChat payment gateway for WooCommerce.
WP Weixin
wp-weixin
WordPress WeChat integration
[凹凸曼]微信分享有图-WeChat Page Sharing
apoyl-weixinshare
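This plugin addresses sharing of the home page, posts, single pages and similar pages (such as post, page, attachment, revision, menu) to friends or Moments from within WeChat, where the icon fails to display, and changes the description to part of the post content or the post excerpt. This is a solution to share to Chat or share on Mome …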
隐藏内容 Developer Profile
3 plugins · 1K total installs
How We Detect 隐藏内容
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/content-hiding/assets/css/frontend.css
- /wp-content/plugins/content-hiding/assets/js/frontend.js
- content-hiding/assets/css/frontend.css?ver=
- content-hiding/assets/js/frontend.js?ver=
HTML / DOM Fingerprints
- contentHidingAjaxUrl
- contentHidingNonce
- /wp-json/content-hiding/v1/check_password
- /wp-json/content-hiding/v1/show_content
- [hide]